<?php require ("../header.php"); ?>
<?php
	//check admin session.
	if ($ad_check<1){
			header ("Location:../../login.php?action=0");
	}
?>

<?php	
	//get POST data from form.
	if (isset($_POST['Submit'])) {
		$department=$_POST['note_department'];
		$subject=$_POST['note_subject'];
		$course=$_POST['note_course'];
		$topic=$_POST['note_topic'];
		$desc=$_POST['note_desc'];
		$file_name=$_FILES['note_upload']['name'];
		$file_size=$_FILES['note_upload']['size'];
	} else {
		echo "<center><br><br><br><br><br><br>You cannot access this file directly.  Please use the note's registration form.
			</center><br><br><br><br><br><br><br><br>";
		echo "<META http-equiv=\"refresh\" content=\"2;URL=note_reg.php\">";
		require ("footer.php");
		exit();
	}
?>

<?php 
	//Set the file upload to have the new filename.
	//get the extension of the file
	$ext = strtolower(substr(strrchr($file_name, "."), 1));
	//eliminate spaces between topic and change the space to dash
	$topic_file=str_replace(' ','_',$topic);
	//rename the files
	$filename="{$department}_{$subject}_{$course}-{$topic_file}.{$ext}";
?>

<?php
	//Setting all the data for file uploaded by admin.
	list($a,$b,$c)=split('[/]',$id);
	$folder="{$a}_{$b}_{$c}/";
	$up_folder="uploads/{$folder}";
	//check if the files is .exe or not.  If it is an execution file, the engine will terminate to prevent viruses to be uploaded.
	if ($ext!="exe") {
	//check the folder existence.  
	if (file_exists($up_folder)) {
		if(move_uploaded_file($_FILES['note_upload']['tmp_name'],$up_folder.$filename)) {
			//insert data into database.
			$up_lock="{$up_folder}{$filename}";
			$sql_insert_data="INSERT INTO notes (note_subject,note_course,note_department,note_topic,note_desc,note_admin_id,note_location)
						 VALUES ('$subject','$course','$department','$topic','$desc','$id','$up_lock')";
			$insert_data=mysql_query($sql_insert_data);
			
			//Output success upload.
			echo "<center><br><br><br><br><br><br>YOUR NOTES UPLOAD WAS SUCCESSFUL. THANK YOU</center><br><br><br><br><br><br><br><br>";
			echo "<META http-equiv=\"refresh\" content=\"2;URL=admin.php\">";
		} else {
			echo "<center><br><br><br><br><br><br>YOUR NOTES UPLOAD CANNOT BE DONE. YOU WILL BE REDIRECT TO NOTE REGISTRATION FORM IN A FEW MOMENT.
					</center><br><br><br><br><br><br><br><br>";
			echo "<META http-equiv=\"refresh\" content=\"2;URL=note_reg.php\">";
		}
	} else {
		//in this you can create and then process the upload files to the new folder created.
		mkdir($up_folder,0755);
		//upload the files into new folder created
		if(move_uploaded_file($_FILES['note_upload']['tmp_name'],$up_folder.$filename)) {
			//insert data into database.
			$up_lock="{$up_folder}{$filename}";
			$sql_insert_data="INSERT INTO notes (note_subject,note_course,note_department,note_topic,note_desc,note_admin_id,note_location)
						 VALUES ('$subject','$course','$department','$topic','$desc','$id','$up_lock')";
			$insert_data=mysql_query($sql_insert_data);	
			
			//Output success upload.
			echo "<center><br><br><br><br><br><br>YOUR NOTES UPLOAD WAS SUCCESSFUL. THANK YOU</center><br><br><br><br><br><br><br><br>";
			echo "<META http-equiv=\"refresh\" content=\"2;URL=admin.php\">";
		} else {
			echo "<center><br><br><br><br><br><br>YOUR NOTES UPLOAD CANNOT BE DONE. YOU WILL BE REDIRECT TO NOTE REGISTRATION FORM IN A FEW MOMENT.
					</center><br><br><br><br><br><br><br><br>";
			echo "<META http-equiv=\"refresh\" content=\"2;URL=note_reg.php\">";
		}
	}
	}else{
		echo "<center><br><br><br><br><br><br>YOUR NOTES UPLOAD CANNOT BE DONE. UPLOADING AN .EXE FILES IS FORBIDDEN.
					</center><br><br><br><br><br><br><br><br>";
		echo "<META http-equiv=\"refresh\" content=\"2;URL=note_reg.php\">";
	}
?>

<?php require ("../footer.php"); ?>